WordPress.org

Make WordPress Core


Ignore:
Timestamp:
03/07/2013 05:30:00 AM (9 years ago)
Author:
SergeyBiryukov
Message:

Always escape the URL echoed by header_image(). fixes #23664.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/theme.php

    r23467 r23633  
    982982
    983983/**
    984  * Display header image path.
     984 * Display header image URL.
    985985 *
    986986 * @since 2.1.0
    987987 */
    988988function header_image() {
    989     echo get_header_image();
     989    echo esc_url( get_header_image() );
    990990}
    991991
Note: See TracChangeset for help on using the changeset viewer.